1 / 13

THE STUDY OF BOT TECHNOLOGY FOR ONLINE GAMES

THE STUDY OF BOT TECHNOLOGY FOR ONLINE GAMES. Authors: Chun Wu, Guo-hun Zhu, Yong-hua Wu , Rong Xiang Source: International Conference on Genetic and Evolutionary Computing 2009, Page 654-656, Oct. 2009 Presented by Chao-Chuan Chen 2010/08/05.

lela
Download Presentation

THE STUDY OF BOT TECHNOLOGY FOR ONLINE GAMES

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. THE STUDY OF BOT TECHNOLOGY FOR ONLINE GAMES Authors: Chun Wu, Guo-hun Zhu, Yong-hua Wu , Rong Xiang Source: International Conference on Genetic and Evolutionary Computing 2009, Page 654-656, Oct. 2009 Presented by Chao-Chuan Chen 2010/08/05

  2. Outline • Introduction • The Type of Bot • Bot Realization Principle • Bot System • DLL Inject Technology • Anti-global Hook Technology • Anti-Hook API Technology • Conclusions

  3. Introduction • As network games increasingly prevail, the make of bot is established because a large number of PC online game player extremely demand the robot. • The problem of bot can be divided into the game harm, the players harm and the social harm.

  4. The Type of Bot • (1) Action type. • (2) Local modification type. • (3) Packet type.

  5. Bot Realization Principle Step 1 It is used disassembly game virtual memory to find data address. Step 2 Call function can be called by game source code. Step 3 Need to inject function. (thread technology or hook technology)

  6. Bot System Bot Hook inject Send message Dll Game virtual address space Call Game client Receive Send Game server

  7. DLL Inject Technology • DLL file which is called dynamic-link library file is the basis of Windows component. • SetWindowsHookEx. • CreateRemoteThread.

  8. Anti-global Hook Technology(1/3) • The system cannot call function LoadLibrary. • If the function LoadLibrary return address is in the user32.dll address space. • We provide a new function whose name is newLoadLibraryExW to instead of function LoadLibraryExW.

  9. Anti-global Hook Technology(2/3) 程序A LoadLibrayExW call LoadlibraryExW push 34h push 7C80E288h call 7C8024CB 9

  10. Anti-global Hook Technology(3/3) 程序A LoadLibrayExW call LoadlibraryExW jmp newLoadlibraryExW load + 0 80 7C load + 5 call 7C8024CB load + 7 newLoadLibrayExW fakeLoadLibrayExW push 34h fake + 0 push 7C80E288h fake + 2 jmp LoadLibrayExW +7 fake + 7 do something call fakeLoadLibrayExW

  11. Anti-hook API Technology(1/2) hLib=GetModuleHandle("MyDll"); pFun=GetProcAddress(hLib, MyFun"); Fun= etProcAddress(hLib, "..."); if(pFun<hLib||pFun>(hLib+codesize)) { ...// } LPBYTE pByte= (LPBYTE) pFun; if(pByte==0xE9) { ...// }

  12. Anti-hook API Technology(2/2) hLib = GetModuleHandle("MyDll"); pFun = GetProcAddress(hLib,"MyFun"); if(pFun < hLib ||pFun > (hLib + codesize) ) { ...// } ---------------------------------------------- hLib = GetModuleHandle("MyDll"); pFun= GetProcAddress(hLib, "..."); LPBYTE pByte = (LPBYTE)pFun; if(*pByte == 0xE9) { ...// }

  13. Conclusions • This method can successfully prevent the process hooked according to the system cannot call function LoadLibrary. • But as long as the bot designer find out the key technology of anti-bot…… • Therefore the anti-bot system must be start with the larger aspects, such as the system that the consumers use, the consumers’ qualities, the rule of low and so on.

More Related